Arbor APS STT Unit Optional Console 25jan2018

Partner Technical Training
Arbor APS Console
Partner • Sales • Engineering

APS
©2017 ARBOR® CONFIDENTIAL & PROPRIETARY Release 5.12
Objectives
At the conclusion of this unit you should understand how to:

• Describe Arbor APS Console
• Describe Arbor APS Licensing
• Install Arbor APS Console
• Upgrade from Arbor NSI
©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 2

APS CONSOLE INTRODUCTION

Introduction
Overview
◦ Provides capabilities to manage multiple APS devices from one central
management console
◦ Both the APS and Console must be running a minimum version of 5.11 or
later
◦ The Console can be installed on an appliance or on a VMware hypervisor.
◦ Can manage APS on all platforms (Appliance, VMware, KVM)
© Arbor Networks 2017 4

SUPPORTED DEVICES

Supported Devices
Overview
◦ APS Console can be installed on the following appliance models
‒ APS Console 7000
‒ NSI 51XX
‒ NSI 52XX
◦ APS Console can be installed on the following hypervisor
‒ VMware vSphere 5.5 or later

Supported Devices
APS Console 7000

◦ Package Contents
‒ APS Console 7000
‒ 2 Ethernet patch cables
‒ 2 AC power cords
‒ 1 rail kit with extensions
‒ Legal Documentation
‒ Return Shipping Instructions
◦ Power Options
‒ 850 W AC or DC hot-swap, redundant power supplies
‒ AC: 100 to 240 VAC, 50/60 Hz, 12/6 A
‒ DC: -48 to -72 VDC, 28/14 A max

Supported Devices
APS Console 7000

◦ Physical Dimensions
‒ Chassis: 2U
‒ Height : 3.45 Inches (8.76 cm)
‒ Width: 17.14 Inches (43.53 cm)
‒ Depth: 20 Inches (50.8 cm)
‒ Weight: 36.95 lb (16.76 kg)

Supported Devices

Supported Devices

LICENSING REQUIREMENTS

Licensing Requirements
Overview
◦ APS Console requires a license
◦ Licenses supported
‒ APS-Console
‒ APS-Console-VM
‒ NSI 51XX
‒ NSI 52XX
‒ NSI-Console-VM
◦ The APS console does not support cloud-based licenses

LIMITATIONS

Limitations
◦ APS Console is capable of managing up to 50 APS’

‒ If you assign more than 6 APS devices on average to each protection group, expect a delay
of more than two seconds when loading the Protection Groups List in the UI
‒ Note: The UI may become unresponsive while it creates the graphs for the Protection
groups
◦ A maximum of five concurrent users is recommended
‒ More than 5 concurrent users are permitted, but may cause noticeable performance impact
◦ Supported Browsers
‒ Internet Explorer 11
‒ Firefox 49
‒ Firefox ESR 38
‒ Chrome 54
‒ Safari 9.1

Multi-Version Support for APS Devices
Multi-version support allows an APS Console deployment to manage
different major versions of APS devices
◦ This support lets you upgrade an APS Console deployment incrementally, to
keep your deployment available while running different major versions of APS
software.
Multi-version support is available for different software versions of both
APS and vAPS on an APS Console deployment.
Arbor considers a multi-version APS Console deployment as a short-term
solution.
◦ While a deployment can function long-term in a multi-version state, there are
limitations so Arbor does not recommend this as a long-term deployment
scenario.


APS and APS Console SW Compatibility Matrix
Before you connect APS devices to an APS Console, use the following
matrix to verify that the software versions of the APS devices and the APS
Console are compatible.
APS Console APS Device Version

Version 5.9 5.10 5.10.1 5.11 5.12
5.11 X X X ✔ X
5.12 X X X ✔ ✔
Symbol Rating
✔ Compatible
X Unsupported

INSTALL

Install
Overview - Appliance
◦ The install process is similar to Arbor APS
◦ If prompted, select re(install) from flash
◦ Initial boot will launch the quick installation script

Install
System hostname? [arbos] Demo-APSConsole-1 ping access from which network? [done]
0.0.0.0/0
IP address for interface mgt0: [none]
10.2.32.201 ping access from which network? [done]
Netmask for interface mgt0: [255.255.255.0] snmp access from which network? [done]
255.255.248.0 telnet access from which network? [done]
Media for interface mgt0: [none] ssh access from which network? [done]
0.0.0.0/0
Default route: [none] 10.2.32.1
ssh access from which network? [done]
bgp access from which network? [done]
Generating new SSH host key file.....done.
http access from which network? [done] Current time and date: [051201572017.45]
https access from which network? [done] NTP server IP address: [done] 10.2.24.46
0.0.0.0/0 NTP server IP address: [done]
https access from which network? [done]

Install
Overview - Appliance
◦ Once the system reboots, login using the default credentials
‒ Username: admin
‒ Password: arbor
◦ Update the admin password
admin@APSConsole:/# services aaa local password admin interactive
Changing password for user admin.
New password:
Re-enter new password:
Password changed
passwd: all authentication tokens updated successfully.

Install
◦ Set DNS Server

admin@APSConsole:/# services dns server add 10.2.24.46
◦ Add Shared Secret
admin@APSConsole:/# services aps-console secret set Secret!
◦ Set APS Console License
admin@APSConsole:/# system license set <Product Name> <Module List>
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
◦ Start APS-Console
admin@APSConsole:/# services aps-console start
◦ Save configuration
admin@APSConsole:/# config write

Install
Overview - VMware
◦ Download the .ova file and documentation from https://update.arbor.net
◦ Deploy OVA using vSphere or vCenter
◦ System resources will automatically be set
‒ CPU: 2 Cores
‒ Memory: 4 GB
‒ HDD: 100 GB
◦ There is no quick installation script for VMware deployments

Install
Overview – VMware
◦ Once the system reboots, login using the default credentials
‒ Username: admin
‒ Password: arbor
◦ Update the admin password
◦ Set the IP for MGT interfaces
◦ Add a default route
◦ Set IP Access rules
◦ Set DNS server
◦ Start SSH Services
◦ Configure a Shared Secret
◦ Add a License(s)
◦ Start Services
◦ Save configuration
UPGRADING FROM
ARBOR NSI

Upgrading from NSI
Overview
◦ Supported upgrade path is from NSI 5.7 to APS 5.11
◦ Before you begin
‒ Disconnect all APS’ from NSI 5.7
• Any APS’ connected to the Console during the upgrade will lose all their data.
‒ Perform a Backup of NSI 5.7
◦ Perform the Upgrade
◦ Initialize the database
‒ / services aps-console database initialize
◦ Upgrade all APS’ destined to be connected to the Console to version 5.11
◦ Connect APS’ to Console
‒ During this process all settings and configuration will be synchronized

ADDING/REMOVING APS

Adding/Removing APS
Overview
◦ APS can only be connected to one APS Console
Adding APS
◦ Go to Administration > General
◦ In the Arbor Networks APS Console Connection
section enter the following info
‒ APS Console – IP or URL of the APS Console
‒ Shared Secret – A secret to be shared with the console.
◦ Click Save

Adding/Removing APS
◦ When the APS and Console are connected for the first time an initial bi-
directional sync occurs as seen in the Status section of the screen shot below.
‒ This is the only time a bi-directional sync will occur, moving configuration and setting will
only flow from the Console to the APS

Adding/Removing APS
◦ Once the initial sync is finished the Status should change to Good

Adding/Removing APS
Notes
◦ If a connection error occurs, a connection status box will appear. If no errors
occur the box will be hidden.
‒ The box will display information about the error
‒ Test Connection button will be displayed. Click to retry the connection.

Adding/Removing APS
Removing APS
◦ Go to Administration > General
◦ In the Arbor Networks APS Console Connection section remove the APS
console IP or URL and remove the Shared Secret by clicking the red minus(-)
icon to the right of the field
◦ Click Save

Adding/Removing APS
Removing APS
◦ On the APS Console, an alert will be displayed stating the APS is offline
◦ A new button to delete APS will appear, and clicking it will remove the APS
from the Console

FEATURES

Features
Overview
◦ Create and manage protection groups for IPv4 and IPv6 hosts
◦ Assign protection groups to APS devices
◦ Centralized reports that aggregate data from multiple APS devices
◦ Configure server types and protection settings
◦ Manage Blacklist and Whitelists
◦ Monitor network traffic and status of the connected APS devices
◦ Monitor and respond to APS alerts
◦ Audit trail assists in monitoring system changes

Features
Menu

Features
Dashboard
◦ Click Dashboard in the menu bar
◦ View of traffic flowing through all APS
◦ Active alerts
◦ ATLAS Threat Categories

Features
Dashboard – Active Alerts

◦ Lists all active alerts for all APS devices
connected
◦ Click on any alert to display additional details

Features
Dashboard – APS Traffic

◦ Displays all traffic inspected by all APS devices in a one hour time span
◦ Toggle between time ranges to narrow or expand the search
◦ Click on Showing to filter down traffic for specific APS devices

Features
Dashboard – ATLAS Threat

Categories
◦ Inbound and outbound threats that
match the ATLAS feed will be
displayed here
◦ You can also go to Explore > ATLAS
Threat Categories to display the
same information

Features
Summary
◦ Click on Summary in the menu bar
◦ You can view status of all APS
devices connected to the Console

Features
Summary – System Status

◦ Displays the following information
‒ Last AIF Update Check
‒ Last Backup
‒ Total APS Devices

Features
Summary – System Information

◦ Displays the following information
‒ Severity of Device
‒ Device Type
‒ Hostname
‒ Serial Number
‒ Uptime
‒ Last Seen
‒ Status
‒ Version

Features
Summary – Audit Trail

◦ View Audit log
◦ Audit logs can also be view from Administration > Audit Trail

Features
Blocked Hosts Log

Explore > Blocked Hosts Log
◦ View blocked hosts
◦ Apply some filters to reduce list of
displayed items

Features
Blocked Hosts Log - Filtering

◦ Filter blocked hosts based on various parameters
◦ Traffic Direction
◦ Time
◦ Protection group
◦ APS Device
◦ Source hosts
◦ Threats
◦ Attack Categories

Features
Alerts
Explore > Alerts
◦ Display alerts from all APS devices
◦ Apply filters to narrow down your search

Features
Protection Group
Protect > Inbound Protection > Protection Groups
◦ Here you can view details of configured protection groups and create new
protection groups

Features
Protection Group - Content

◦ Protection group name
◦ Last One Hour bps/pps rates
◦ Server Type
◦ Protection Mode
◦ Protection Level
◦ Alerts
◦ Last modified

Features
Protection Group – Details

◦ Click on a protection group to
view more details

Features
Add Protection Group

◦ To create protection groups click the Add IPv4/IPv6 Protection Group button
◦ Provide the following details
‒ Name
‒ Description
‒ Protected Hosts
‒ Protection Level
‒ Protection Mode
‒ Server Type
‒ Alert Thresholds
◦ Click Save

Features
Protection Group Options

◦ After a protection group is created, clicking the down chevron next to the
name will display options
‒ Edit – Make changes to the protection group
‒ Manage APS Assignments – Assign protection group to an APS device(s)
‒ Delete – Remove the protection group
‒ View Blocked Hosts – Show list of blocked hosts for that protection group

Features
Manage Blacklist
Protect >
Inbound/Outbound
Protection > Blacklist

Features
Toggle Blacklist
◦ Use the tab on the top of the page to toggle between IP Address and
Domains and URL
◦ IP address include Blacklist Hosts, and Blacklist Countries

Features
Add Blacklist
◦ Enter the desired IP Address, CIDR, Country, Domain, or URL in the Field
and click Add

Features
Delete Blacklist
◦ Click the red minus(-) button to remove the value from blacklist
◦ Optionally you also can Whitelist the entry by clicking the whitelist button

Features
Manage Whitelist
Protect > Inbound/Outbound Protection > Whitelist

Features
Add Whitelist
◦ Enter the desired IP Address, CIDR, Country, Domain, or URL in the Field
and click Add

Features
Delete Whitelist
◦ Click the red minus(-) button to remove the entry
◦ Optionally you also can Blacklist the entry by clicking the Blacklist button

Features
Manage Master Filter Lists

◦ Protect > Master Filter Lists

Features
Edit Master Filter Lists
IPv4 FCAP Expressions
IPv6 FCAP Expressions

Features
Saved Master Filter Lists

Features
Manage Server Types

Protect > Inbound Protection >
Server Type Configuration
◦ View and add server types

Features
Viewing/Editing Server Types

◦ Click on a server type to edit and/or view details

Features
Viewing/Editing Server Types

◦ Select the various tabs to view and modify their
respective protection settings
◦ Protections are grouped for ease of use
◦ Click on Display All to view all protection groups in
the typical APS server type view.

Features
Server Type Options

◦ Click the down chevron on next to the server
type name to view additional options
‒ Restore Defaults – restore the server type to the
defaults values
‒ Duplicate – Create a new server type with the same
settings
‒ Delete – Remove the server type

Features
Add Server Type

◦ Go to the section labeled Add a New Server Type
◦ Provide a Name and Base Server Type
◦ Click Add Server Type

Features
Outbound Threat Filter

Protect > Outbound Protection > Outbound Threat Filter
◦ You can configure all protection setting to be applied to all outbound traffic
from your network

Features
Centralized Reports
◦ Click on Reports in the top menu bar
◦ Here you can configure a new report or view existing report

Features
Viewing Reports
◦ Click on a report to open it
◦ Report contains the below
statistics
‒ Cloud Signaling
‒ DDoS Protection
‒ Top Inbound Countries
‒ Top Blocked Threat Categories
‒ Top Inbound Sources/Destinations
‒ APS Devices
‒ Protections Groups

Features
Create Reports
◦ Click on Configure New Report
◦ Provide a Date Range and click Next
◦ Select APS Devices and click Next
◦ Select Protection Groups and click Next
◦ Add a name
◦ Add a description
◦ Add audit trail message
◦ Add delivery options
◦ Click Submit

Features
Delete Reports
◦ Select a report and click the Delete button.

Features
Configure AIF settings

Administration > ATLAS Intelligence Feed
◦ Configure AIF download interval
◦ Setup proxy for download if needed
◦ View status of the last AIF feed download

Features
Configure Backup Settings

Administration > Backup
◦ Setup an automatic backup
schedule
◦ Configure remote server to
store backups
◦ View backup list and
download backups

Features
Manage Files
Administration > Files
◦ Manage files
◦ Create and Manage
Diagnostic Packages
◦ Upload SSL Certificates
◦ Upload Custom Logo
◦ Download SNMP MIB files

Features
Manage Files
◦ To view and manage files files from other connected APS, select a different
device from the dropdown

Features
Configure General Settings

Administration > General
◦ Configure DNS Server
◦ Configure SMTP server
◦ Configure SNMP Community String
◦ Set Hostname
◦ Set Date Format

Features
Configure Notifications
Administration > Notifications
◦ Manage various methods of notifications
‒ Email
‒ SNMP
‒ Syslog
◦ Set default “From” address
for notifications

Features
Configure System Alerts

Administration > System Alerts
◦ Manage alerts
‒ APS Blacklist/Whitelist Table Full
‒ APS Device UP/Down
‒ Misc. System
◦ Click Edit to enable/disable, set severity, and
notification destination

Features
Configure User Accounts

Administration > User Accounts
◦ Add users by clicking the Add Account button
on the top right
◦ Click on a User to view more details and
change setting and/or password
◦ Select the user and Click the Delete button to
remove the user

COMMUNICATION PORTS

Communication Ports

Unit Summary
In this unit we have learned how to:

• Describe Arbor APS Console
• Describe Arbor APS Licensing
• Install Arbor APS Console
• Upgrade from Arbor NSI

Q&A / THANK YOU

Arbor APS STT Unit Optional Console 25jan2018

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Arbor APS STT Unit Optional Console 25jan2018

Загружено:

Авторское право:

Доступные форматы

Partner Technical Training

Arbor APS Console

Partner • Sales • Engineering

At the conclusion of this unit you should understand how to:

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 2

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 3

© Arbor Networks 2017 4

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 5

© Arbor Networks 2017 6

APS Console 7000

© Arbor Networks 2017 7

APS Console 7000

© Arbor Networks 2017 8

© Arbor Networks 2017 9

© Arbor Networks 2017 10

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 11

© Arbor Networks 2017 12

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 13

◦ APS Console is capable of managing up to 50 APS’

© Arbor Networks 2017 14

© Arbor Networks 2017 15

APS Console APS Device Version

© Arbor Networks 2017 16

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 17

© Arbor Networks 2017 18

© Arbor Networks 2017 19

© Arbor Networks 2017 20

◦ Set DNS Server

© Arbor Networks 2017 21

© Arbor Networks 2017 22

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 24

© Arbor Networks 2017 25

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 26

© Arbor Networks 2017 27

© Arbor Networks 2017 28

© Arbor Networks 2017 29

© Arbor Networks 2017 30

© Arbor Networks 2017 31

© Arbor Networks 2017 32

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 33

© Arbor Networks 2017 34

© Arbor Networks 2017 35

© Arbor Networks 2017 36

Dashboard – Active Alerts

© Arbor Networks 2017 37

Dashboard – APS Traffic

© Arbor Networks 2017 38

Dashboard – ATLAS Threat

© Arbor Networks 2017 39

© Arbor Networks 2017 40

Summary – System Status

© Arbor Networks 2017 41

Summary – System Information

© Arbor Networks 2017 42

Summary – Audit Trail

© Arbor Networks 2017 43

Blocked Hosts Log

© Arbor Networks 2017 44

Blocked Hosts Log - Filtering

© Arbor Networks 2017 45

© Arbor Networks 2017 46

© Arbor Networks 2017 47

Protection Group - Content